[33327] in Kerberos
Klist issues with Windows 7
daemon@ATHENA.MIT.EDU (=?ISO-8859-1?Q?Robert_Schr=F6der?=)
Tue Apr 12 12:22:00 2011
MIME-Version: 1.0
Date: Tue, 12 Apr 2011 18:21:54 +0200
Message-ID: <BANLkTi=xTDQYmMHLdpehU7VxUu0wTquL=g@mail.gmail.com>
From: =?ISO-8859-1?Q?Robert_Schr=F6der?= <robert.schrder@googlemail.com>
To: kerberos@mit.edu
Content-Type: text/plain; charset="iso-8859-1"
Errors-To: kerberos-bounces@mit.edu
Content-Transfer-Encoding: 8bit
Hi there,
I'm working on a single-sign-on solution with kerberos for Windows 7.
I started to setup a virtual machine with integrated kerberos-login and a
modified logon.bat similar to our solution for Windows Xp clients.
In this batch we are trying to get the principal and the domain to map the
afs-drives.
On XP we are getting the principal by calling the %USERNAME%-variable, but
since Windows7 only returns the mapped user (in our case standarduser), I
figured that a simple solution should be to start klist.exe and read the
output to set the principal.
In my vm, the whole process works pretty fine, but after I tried to get my
solution to work with a real machine, I never get my tickets.
The console just returns something like this:
*Current LogonId is 0:0x1a38a
Cached Tickets: (0)*
If I try klist with the tgt value, I'm getting the following failure:
*Error calling API LsaCallAuthenticationPackage (Ticket Granting Ticket
substatus): 1312
*
*klist failed with 0x8009030e/-2146893042: No credentials are available in
the security package*
But if I start the cmd-console with administrator privileges, everything
works fine.
Windows won't let me to configure the klist-options to start it always as
administrator (actually I don't think that that would be a good idea
anyways)
So the question is, what am I doing wrong?
Is there something like an understanding problem on my side or did I just
found a bug?
Google couldn't find anything useful, so I'm trying to get your help :)
Thanks in advance.
Robert Schröder
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
